Email Is Still The Best Login

After downloading Skype 4.2, I realized that I could now invite all of my Facebook friends who had Skype accounts to my Skype contact list. So I did. Unfortunately the Skype UI for this sucks so I had to go through about 1,000 entries a screen of five at a time unchecking the Facebook friends I didn’t want on Skype. I ended up inviting about 280 – fortunately I was on a conference call for the thirty minutes it took me to grind through this.

The data field used for the match was email address. Shocking, I know. It’s the same data field used to log in to Facebook and Twitter. Google sort of uses email (at least the gmail) account for their authentication, although now that I have both my gmail account (brad.feld@gmail.com) and my email account (brad@feld.com) in Google’s system, I am constantly having to fight with the “reauthorize me to access that thing via brad.feld@gmail.com) game” since Google hasn’t solved for multiple email addresses yet.

More and more sites are integrating Facebook Connect, Twitter “Connect”, or both. Yahoo has such a golden opportunity to do this and own it but they blew it. Google seems to have also missed this and ceded it to Facebook and Twitter for some reason. Microsoft has been trying for a decade first with Passport and now Live ID. And then there is Skype with their 20m simultaneous users. Or Amazon with their gazillion users authenticating via email. And then there’s Barnes & Noble – if I want to create an account I get to use my email address. And the list goes on and on.

Facebook and Twitter are in a perfect position to own single sign on. I just don’t understand why Yahoo and Google blew this although I don’t really care. What I do care about is that there seems to be a natural convergence on email as the user id and authentication via widely pervasive services like Facebook and Twitter rather than entertainingly complex approaches like Oath.

I predict email is going to become even more important in the next few years. There’s no reason for me to have a phone number any more – you should just be able to contact me via brad@feld.com. And that should authenticate me anywhere. And – as a messaging protocol – I should be able to use my “inbox” (wherever or whatever it is) as my central notification point.

It’s remarkable that 15 years after commercial Internet email started to proliferate, it is still at the root of all the commercial Internet activity. Very very cool.

I can't wait to be the guy in the audience that says "I thought there would be refreshments".

A bit more seriously, email as the auth/identity token works because there really is a one-to-one mapping between an address & a person. Sure, one person can have more than one address (i.e. gmail.com v. feld.com), but one email address maps to only one person.

Even in cases where there's a generic address, say 'support@freepository.com', the backend systems map that address to one user. Use of email as token has evolved singularly because of this feature + folks can remember their address – they already had it when they showed up at your site.

kevinmarks

The problem with an email address is that it primarily a way to send you things, not to find out more about you. Conversely a URL is a fine place to start discovering more. I wrote about this a couple of years ago here: http://epeus.blogspot.com/2008/01/urls-are-people…

The problem is authenticating the email (clunky at present) and password management (don't want that shared between sites). Webfinger fixes this by giving a way to get from an email address to a profile URL, and hence ways to discover and auth a full profile, contacts/following/friend connections, and activity streams and so on.

Remembering which email address you used for a give site is often more of a pain; smarter sitesthese days support multiple identifiers for login for a given user, and bundle them well (FriendFeed is exemplary here).

Email as user ID (in all of its full-blown glory) is Webfinger Authentication via Twitter is OAuth

and I think WRAP (web access resource protocol), or OAuth 2.0, or whatever that ends up being is going to be important to FB connect going forward (just a guess). Also, i'd bet that activity streams get folded into all of this somewhere.

More than my non-engineer/marketing brain can handle. Fortunately, all of this topics and more will be addressed at Glue (http://www.gluecon.com) </promo>

http://philswenson.com phil swenson

FYI: you can forward you email from one google account to another. This sorta gives you a unified email box. When you go to send an email you get a drop down to pick an email address like so:http://grab.by/3rTt

I would have logged in using Y! OpenID but IntenseDebate doesn't support the latest version of OpenID.

http://intensedebate.com/people/bfeld Brad Feld

Interesting. I wonder what the sample size is.

http://twitter.com/arieldiaz @arieldiaz

I completely agree. Email is the original killer app, the easiest thing to remember, and the most universally accepted online identity.

What killed me about all the talk about OpenID was that it never actually worked in practice. I'm a techie, and I still never used it (despite the fact that I build one on my own URL, which has my name). I could never remember that final slash or not, and where the ID part comes.

People care about simplicity, and I really like the direction Facebook and Twitter are pushing this. I even wrote a whole blog post about Identity on the web, and how well positioned Facebook is (this was before FB Connect, which is only strengthening that position): http://theambitiouslife.com/social-mediaand039s-h…

Hopefully this single sign on will actually happen pretty soon.

http://intensedebate.com/people/bfeld Brad Feld

Even worse, the OpenId website for linking your accounts is just abysmal. I imagine that is part of what slows the adoption down also.

http://twitter.com/LIFESTUFFIKNOW @LIFESTUFFIKNOW

I remember you posting a few years ago about securing your name / surname as a domain as this would be our personal unique identifier, as well as suggesting that email should always be the best site authentication for most of the reasons above. Good call!

Now if only there was 'God Mode' single signon using the one email address for all authentication – still the unsolved Holy Grail…

leslie at lesliebarry dot com

http://intensedebate.com/people/paul_roales3753 Paul Roales

At the gMail pannel at SXSW the team said they were actively working to let you use Google Apps email addresses in place of @gmail.com addresses across all Google systems. I am not sure if that would help you or not (or if your still on the archaic Outlook you complain so much about).

http://romeda.org/ Blaine Cook

Try http://webfinger.org/login – it's just a demo, but it works across a number of domains (including Hotmail) to provide secure password-less login using just an email address. This is real and usable right now, and instead of clicking one of the four buttons below this comment form (two of which, intensedebate and wordpress.com don't apply for me, and I don't know what my openid identifier is, so that doesn't work, either, and sorry, but there's no way I'm giving you access to post to my Twitter account), I could just enter my name and email (which I have to do already), and you can deduce my login info and my website.

All that's left is for people to build it into their systems!

http://intensedebate.com/people/bfeld Brad Feld

Blaine – why did you take down the Twitter Oath and FB Connect examples?

AllenTomDude

Hi, I'm the guy at Yahoo who runs the Yahoo OpenID service, so I guess I blew it. :-/

The Yahoo OpenID service allows users to log into websites with their Yahoo email address via the OpenID protocol. Since OpenID is an open and interoperable standard, the exact same interface used to authenticate Yahoo users can also be used by other mail providers that support OpenID, including Google and AOL.

One of the problems with the OpenID protocol is that it does not support email addresses in the core protocol, instead it requires the Attribute Exchange extension to support email. Given that many people in the OpenID community now recognize that email address is a very valuable identifier, I expect that future versions of the OpenID protocol will natively support email address.

http://intensedebate.com/people/bfeld Brad Feld

Actually, I’m not sure that “you blew it” – it all depends on when you arrived at the scene. Yahoo could have and should have owned this around 2001.

http://www.localiter.com Derek Wohlfahrt

couldn't agree more about the pains of trying to use two google accounts on the same machine. like you , i (try to) use both a personal and business gmail account on the same machine, and it's a constant nightmare… CAN'T WAIT for them to address/fix this issue